公开(公告)号：WO2015069573A1

公开(公告)日：2015-05-14

申请号：PCT/US2014/063555

申请日：2014-10-31

Applicant: CISCO TECHNOLOGY, INC.

Inventor： CHU, Kit Chiu ,  EDSALL, Thomas J. ,  YADAV, Navindra ,  MATUS, Francisco M. ,  DODDAPANENI, Krishna ,  SINHA, Satyam

IPC: H04L12/707 ,  H04L12/46 ,  H04L12/703 ,  H04L12/723 ,  H04L12/709

CPC classification number: H04L45/28 ,  H04L12/18 ,  H04L12/4633 ,  H04L12/4641 ,  H04L12/4645 ,  H04L41/0654 ,  H04L43/0811 ,  H04L43/0852 ,  H04L43/0894 ,  H04L43/16 ,  H04L45/02 ,  H04L45/021 ,  H04L45/22 ,  H04L45/24 ,  H04L45/245 ,  H04L45/48 ,  H04L45/50 ,  H04L45/64 ,  H04L45/74 ,  H04L45/745 ,  H04L45/7453 ,  H04L47/125 ,  H04L49/70 ,  H04L51/14 ,  H04L61/2503 ,  H04L61/2592 ,  H04L67/10 ,  H04L69/22 ,  H04L2212/00

Abstract: Aspects of the subject disclosure relate to methods for detecting a link failure between the first network device and a destination node, receiving a data packet addressed to the destination node, and rewriting encapsulation information of the first data packet. Subsequent to rewriting the encapsulation information of the first data packet, the first data packet is forwarded to a second network device (e.g., using updated address information in the packet header), wherein the second network device is paired with the first network device in the virtual port channel. In certain aspects, systems and computer readable media are also provided.

Abstract translation: 本公开的方面涉及用于检测第一网络设备和目的地节点之间的链路故障的方法，接收寻址到目的地节点的数据分组以及重写第一数据分组的封装信息。 在重写第一数据分组的封装信息之后，将第一数据分组转发到第二网络设备（例如，使用分组报头中的更新的地址信息），其中第二网络设备与第一网络设备配对 虚拟端口通道。 在某些方面，还提供了系统和计算机可读介质。

公开(公告)号：WO2011140007A1

公开(公告)日：2011-11-10

申请号：PCT/US2011/034883

申请日：2011-05-03

Applicant: CISCO TECHNOLOGY, INC. ,  JAIN, Sudhir ,  CALHOUN, Patrice ,  CHOUDHURY, Abhijit ,  SURI, Rohit ,  LOI, Ly ,  GOPALASETTY, Bhanu ,  YADAV, Navindra ,  ERTEMALP, Fusun

Inventor： JAIN, Sudhir ,  CALHOUN, Patrice ,  CHOUDHURY, Abhijit ,  SURI, Rohit ,  LOI, Ly ,  GOPALASETTY, Bhanu ,  YADAV, Navindra ,  ERTEMALP, Fusun

IPC: H04W8/08

CPC classification number: H04W8/085 ,  H04W8/26

Abstract: A system and method are provided for a hierarchical distributed control architecture to support roaming of wireless client devices. A plurality of access switches are provided and configured to serve one or more Internet Protocol (IP) subnets that comprises a plurality of IP addresses. The plurality of access switches are arranged in switch peer groups such that each access switch within a given switch peer group is configured to store information about other access switches in that switch peer group and about locations of wireless client devices that are associated with any wireless access point on any access switch in the switch peer group. The plurality of access switches are further grouped into a corresponding one of a plurality of mobility sub-domains each comprising a plurality of switch peer groups. A plurality of controller devices are provided, each configured to control access switches in a corresponding mobility sub-domain. Each controller device stores information about the plurality of access switches within its mobility sub-domain and about locations of wireless client devices at access switches in its mobility sub-domain. A central controller device is provided and configured to communicate with the plurality of controller devices for the respective mobility sub-domains. The central controller device is configured to store information about locations of wireless client devices in the mobility sub-domains.

Abstract translation: 提供了一种用于分级分布式控制架构以支持无线客户端设备的漫游的系统和方法。 多个接入交换机被提供和配置为服务于包括多个IP地址的一个或多个因特网协议（IP）子网。 多个接入交换机被布置在交换对等体组中，使得给定交换机对等体组内的每个接入交换机被配置为存储关于该交换对等体组中的其他接入交换机的信息以及与任何无线接入相关联的无线客户端设备的位置 指向交换机对等体组中的任何接入交换机。 多个接入交换机被进一步分组成多个移动性子域中的每个包括多个交换对等体组的对应的一个。 提供了多个控制器设备，每个控制器设备被配置为控制相应的移动性子域中的接入交换机。 每个控制器设备将关于多个接入交换机的信息存储在其移动性子域内以及关于移动性子域中的接入交换机处的无线客户端设备的位置。 中央控制器设备被提供和配置成与用于各个移动性子域的多个控制器设备进行通信。 中央控制器设备被配置为存储关于移动性子域中的无线客户端设备的位置的信息。

公开(公告)号：WO2008076859A2

公开(公告)日：2008-06-26

申请号：PCT/US2007/087519

申请日：2007-12-14

Applicant: CISCO TECHNOLOGY, INC. ,  PANDIAN, Gnanaprakasam ,  YADAV, Navindra ,  YANG, Sheausong ,  GOPALASETTY, Bhanu ,  ARUNACHALAM, Senthil

Inventor： PANDIAN, Gnanaprakasam ,  YADAV, Navindra ,  YANG, Sheausong ,  GOPALASETTY, Bhanu ,  ARUNACHALAM, Senthil

IPC: H04Q7/20

CPC classification number: H04W36/0016 ,  H04W36/02 ,  H04W40/32 ,  H04W40/36

Abstract: A method and apparatus for handoff of a wireless client from a first network device to a second network device in a wired network are disclosed. In one embodiment, the method includes receiving data from a new wireless client at the second network device and transmitting a request for a route update for the new wireless client to the wired network. Prior to network convergence for the route update, data traffic for the new wireless client is received from the first network device and forwarded to the new wireless client. Context information for the new wireless client is transmitted from the second network device to other network devices in a proximity group of the second network device.

Abstract translation: 公开了一种用于将无线客户端从有线网络中的第一网络设备切换到第二网络设备的方法和装置。 在一个实施例中，该方法包括从第二网络设备处的新无线客户端接收数据，并向有线网络发送新无线客户端的路由更新请求。 在用于路由更新的网络融合之前，从第一网络设备接收到新的无线客户端的数据业务并转发给新的无线客户端。 用于新无线客户端的上下文信息从第二网络设备发送到第二网络设备的接近组中的其他网络设备。

公开(公告)号：WO2022005816A1

公开(公告)日：2022-01-06

申请号：PCT/US2021/038470

申请日：2021-06-22

Applicant: CISCO TECHNOLOGY, INC.

Inventor： SLOANE, Andy ,  KULSHRESHTHA, Ashutosh ,  PATEL, Hiral Shashikant ,  JEYAKUMAR, Vimal ,  YADAV, Navindra ,  BALUS, Florin Stelian

IPC: G06F21/57 ,  G06F21/55 ,  G06F16/24578 ,  G06F16/353 ,  G06F16/953 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/033 ,  G06N20/00 ,  G06N5/04

Abstract: Systems, methods, and computer-readable for identifying known vulnerabilities in a software product include determining a set of one or more processed words based on applying text classification to one or more names associated with a product, where the text classification is based on analyzing a database of names associated with a database of products. Similarity scores are determined between the set of one or more processed words and names associated with one or more known vulnerabilities maintained in a database of known vulnerabilities in products. Equivalence mapping is performed between the one or more names associated with the product and the one or more known vulnerabilities, based on the similarity scores. Known vulnerabilities in the product are identified based on the equivalence mapping.

公开(公告)号：WO2019147669A1

公开(公告)日：2019-08-01

申请号：PCT/US2019/014747

申请日：2019-01-23

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth ,  YADAV, Navindra ,  ARUMUGAM, Umamaheswaran ,  WATTS, Micheal ,  GANDHAM, Shashi ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  NGUYEN, Duy ,  VU, Hai ,  PATWARDHAN, Tapan Shrikrishna ,  MA, Aiyesha ,  ZOU, Xuan ,  PRABAKARAN, Jothi Prakash

IPC: H04L29/08

Abstract: Systems, methods, and computer-readable media for flow stitching network traffic flow segments at a middlebox in a network environment. In some embodiments, a method can include collecting flow records of traffic flow segments at a middlebox in a network environment including one or more transaction identifiers assigned to the traffic flow segments. The traffic flow segments can correspond to one or more traffic flows passing through the middlebox and flow directions of the traffic flow segments with respect to the middlebox can be identified using the flow records. The traffic flow segments can be stitched together based on the one or more transaction identifiers and the flow directions of the traffic flow segments to form a stitched traffic flow of the one or more traffic flows passing through the middlebox. The stitched traffic flow can be incorporated as part of network traffic data for the network environment.

公开(公告)号：WO2016196686A1

公开(公告)日：2016-12-08

申请号：PCT/US2016/035351

申请日：2016-06-01

Applicant: CISCO TECHNOLOGY, INC.

Inventor： GUPTA, Sunil Kumar ,  YADAV, Navindra ,  WATTS, Michael Standish ,  PARANDEHGHEIBI, Ali ,  GANDHAM, Shashidhar ,  KULSHRESHTHA, Ashutosh ,  DEEN, Khawar

IPC: H04L12/26 ,  H04L29/06

CPC classification number: H04L63/20 ,  H04L43/04

Abstract: A network can achieve compliance by defining and enforcing a set of network policies to secure protected electronic information. The network can monitor network data, host/endpoint data, process data, and user data for traffic using a sensor network that provides multiple perspectives. The sensor network can include sensors for networking devices, physical servers, hypervisors or shared kernels, virtual partitions, and other network components. The network can analyze the network data, host/endpoint data, process data, and user data to determine policies for traffic. The network can determine expected network actions based on the policies, such as allowing traffic, denying traffic, configuring traffic for quality of service (QoS), or redirecting traffic along a specific route. The network can update policy data based on the expected network actions and actual network actions. The policy data can be utilized for compliance.

Abstract translation: 网络可以通过定义和实施一组网络策略来实现合规性，以保护受保护的电子信息。 该网络可以使用提供多个视角的传感器网络来监控网络数据，主机/端点数据，过程数据和流量的用户数据。 传感器网络可以包括用于网络设备，物理服务器，虚拟机管理程序或共享内核，虚拟分区和其他网络组件的传感器。 网络可以分析网络数据，主机/端点数据，过程数据和用户数据，以确定流量策略。 网络可以基于策略来确定预期的网络动作，例如允许流量，拒绝流量，为服务质量（QoS）配置流量，或者沿特定路由重定向流量。 网络可以根据预期的网络动作和实际的网络动作来更新策略数据。 政策数据可以用于遵守。

公开(公告)号：WO2016195985A1

公开(公告)日：2016-12-08

申请号：PCT/US2016/032726

申请日：2016-05-16

Applicant: CISCO TECHNOLOGY, INC.

Inventor： YADAV, Navindra ,  SCHEIB, Ellen ,  AGASTHY, Rachita

IPC: H04L12/24

CPC classification number: H04L43/04 ,  G06N99/005 ,  H04L41/142 ,  H04L41/16 ,  H04L43/12 ,  H04L63/1425

Abstract: In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data from packets transmitted to and from the network components and monitor network flows within the network from multiple perspectives in the network, processing the network traffic data at the analytics module, the network traffic data comprising process information, user information, and host information, and identifying at the analytics module, anomalies within the network traffic data based on dynamic modeling of network behavior. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在在网络设备处操作的分析模块处接收从分布在整个网络中的多个传感器收集并安装在网络组件中的网络业务数据，以从网络中传送的网络流量数据 组件，并从网络中的多个角度监控网络内的网络流量，处理分析模块上的网络流量数据，包括过程信息，用户信息和主机信息的网络流量数据，以及在分析模块识别内部的异常 基于网络行为动态建模的网络流量数据。 本文还公开了一种装置和逻辑。

公开(公告)号：WO2014182615A1

公开(公告)日：2014-11-13

申请号：PCT/US2014/036789

申请日：2014-05-05

Applicant: CISCO TECHNOLOGY, INC.

Inventor： GUICHARD, James ,  QUINN, Paul ,  WARD, David ,  KUMAR, Surendra ,  YADAV, Navindra ,  SMITH, Michael, R. ,  BAGEPALLI, Nagaraj, A.

IPC: H04L12/24

CPC classification number: H04L45/306 ,  H04L41/0893 ,  H04L47/2441 ,  H04L69/22

Abstract: Techniques are provided to decouple service chain structure from the underlying network forwarding state and allow for data plane learning of service chain forwarding requirements and any association between services function state requirements and the forward and reverse forwarding paths for a service chain. In a network comprising a plurality of network nodes each configured to apply a service function to traffic that passes through the respective network node, a packet is received at a network node. When the network node determines that the service function it applies is stateful, it updates context information in a network service header of the packet to indicate that the service function applied at the network node is stateful and that traffic for a reverse path matching the classification criteria is to be returned to the network node.

Abstract translation: 提供了技术来将服务链结构与底层网络转发状态分离，并允许服务链转发要求的数据平面学习和服务功能状态要求与服务链的前向和后向转发路径之间的任何关联。 在包括多个网络节点的网络中，每个网络节点被配置为将服务功能应用于通过相应网络节点的业务，在网络节点处接收分组。 当网络节点确定其应用的服务功能是有状态时，它更新分组的网络服务报头中的上下文信息，以指示在网络节点处应用的服务功能是有状态的，并且用于与分类标准匹配的反向路径的业务 将被返回到网络节点。

公开(公告)号：WO2021257407A2

公开(公告)日：2021-12-23

申请号：PCT/US2021/037079

申请日：2021-06-11

Applicant: CISCO TECHNOLOGY, INC.

Inventor： RAO, Supreeth ,  YADAV, Navindra ,  MALLESHAIAH, Prasannakumar Jobigenahally ,  PATWARDHAN, Tapan Shrikrishna ,  ARUMUGAM, Umamaheswaran ,  PURANDARE, Darshan Shrinath ,  MA, Aiyesha ,  SUN, Fuzhuo ,  KUMAR, Ashok

IPC: G06F21/50 ,  G06F21/55 ,  G06F21/57 ,  G06Q10/06 ,  H04L29/06 ,  G06F21/554 ,  G06F21/577 ,  H04L63/029 ,  H04L63/1408 ,  H04L63/1416 ,  H04L63/1425 ,  H04L63/1433 ,  H04L63/1441 ,  H04L63/164 ,  H04L63/20

Abstract: The present disclosure relates to methods, systems, and non-transitory computer readable media for generating an application protectability index for network applications and a corresponding protectability scheme. In one aspect, a method includes identifying, by a network controller, network layers associated with an application; determining, by the network controller, a corresponding security index for the application at each of the network layers to yield a plurality of security indexes, each of the plurality of security indexes providing an objective assessment of protectability of the application at a corresponding one of the network layers; determining, by the network controller, an application protectability index; and providing an application protectability scheme for protecting the application based on the application protectability index.

公开(公告)号：WO2018183422A1

公开(公告)日：2018-10-04

申请号：PCT/US2018/024730

申请日：2018-03-28

Applicant: CISCO TECHNOLOGY, INC.

Inventor： KULSHRESHTHA, Ashutosh ,  MADANI, Omid ,  JEYAKUMAR, Vimal ,  YADAV, Navindra ,  PARANDEHGHEIBI, Ali ,  SLOANE, Andy ,  CHANG, Kai ,  DEEN, Khawar ,  CHANG, Shih-Chun ,  VU, Hai

IPC: H04L12/26 ,  G06F11/34 ,  H04L29/06

Abstract: An application and network analytics platform can capture telemetry from servers and network devices operating within a network. The application and network analytics platform can determine an application dependency map (ADM) for an application executing in the network. Using the ADM, the application and network analytics platform can resolve flows into flowlets of various granularities, and determine baseline metrics for the flowlets. The baseline metrics can include transmission times, processing times, and/or data sizes for the flowlets. The application and network analytics platform can compare new flowlets against the baselines to assess availability, load, latency, and other performance metrics for the application. In some implementations, the application and network analytics platform can automate remediation of unavailability, load, latency, and other application performance issues.